Microsoft Copilot (Microsoft 365): Content suggestions in Word

🚨 The Signal: Copilot in Word now offers content suggestions, potentially exposing sensitive data to the AI model for analysis. Without proper governance, this increases the risk of inadvertent data leakage.

The Impact

All users interacting with Copilot in Word are affected, which increases the risk of sensitive information exposure through AI processing.

  • End Users: Risk of inadvertently submitting sensitive data for AI analysis.
  • Security Teams: Need to monitor data flows and enforce Copilot data governance policies.
  • Data Owners: Increased responsibility to classify and protect sensitive documents used with Copilot.
  • Compliance Teams: Must review and update data handling policies for AI interactions.

The Action

  1. Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions.
  2. Educate users on appropriate data handling when using Copilot's content suggestions.
  3. Monitor Copilot usage logs for unusual data access patterns via Microsoft 365 Audit Log.
  4. Ensure sensitivity labels are correctly applied to documents to guide Copilot's data access.
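
One way to approach steps 3 and 4 together is a triage pass over exported audit records that flags users whose Copilot interactions in Word touched many distinct files or a file carrying a watched sensitivity label. This is an added example, not code from this page or from Microsoft. The record shape and field names (UserId, Operation, CopilotEventData, AppHost, AccessedResources, SensitivityLabelId) are assumptions to verify against your tenant's export, and the users, label ID and threshold are constructed.

```python
import json
from collections import defaultdict

WATCHED_LABELS = {"label-confidential"}  # placeholder label ID (constructed)
MAX_RESOURCES = 3                        # distinct files per user in the window

def _rec(user, host, resources):
    """Build one constructed AuditData JSON string for the sample below."""
    return json.dumps({"UserId": user, "Operation": "CopilotInteraction",
                       "CopilotEventData": {"AppHost": host,
                                            "AccessedResources": resources}})

SAMPLE_EXPORT = [  # constructed rows, field names assumed (see lead-in)
    _rec("alice@example.test", "Word", [{"Name": "memo.docx", "SensitivityLabelId": ""}]),
    _rec("bob@example.test", "Word",
         [{"Name": f"hr-{i}.docx", "SensitivityLabelId": ""} for i in range(4)]),
    _rec("carol@example.test", "Word",
         [{"Name": "deal.docx", "SensitivityLabelId": "label-confidential"}]),
    _rec("dave@example.test", "Teams",
         [{"Name": "deal.docx", "SensitivityLabelId": "label-confidential"}]),
    "{truncated row",  # malformed export line: skipped, never fatal
]

def flag_users(rows, app_host="Word", max_resources=MAX_RESOURCES, watched=WATCHED_LABELS):
    """Return {user: [reasons]} for Copilot interactions in one app host."""
    files, labeled = defaultdict(set), defaultdict(set)
    for row in rows:
        try:
            rec = json.loads(row)
        except json.JSONDecodeError:
            continue
        data = rec.get("CopilotEventData") or {}
        if rec.get("Operation") != "CopilotInteraction" or data.get("AppHost") != app_host:
            continue
        user = rec.get("UserId", "unknown")
        for res in data.get("AccessedResources") or []:
            files[user].add(res.get("Name"))
            if res.get("SensitivityLabelId") in watched:
                labeled[user].add(res.get("Name"))
    flags = {}
    for user, names in files.items():
        reasons = []
        if len(names) > max_resources:
            reasons.append(f"{len(names)} distinct resources")
        if labeled[user]:
            reasons.append("watched label: " + ", ".join(sorted(labeled[user])))
        if reasons:
            flags[user] = reasons
    return flags
```

The fixed threshold is a starting heuristic; a per-user baseline over a longer window gives fewer false positives.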

Domain: Agentic-AI · Impact: high · Workload: M365 Apps